Vulnerabilities (CVE)

Filtered by vendor Bitdefender Subscribe
Filtered by product Gravityzone
Total 13 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-2830 1 Bitdefender 1 Gravityzone 2024-11-21 N/A 8.8 HIGH
Deserialization of Untrusted Data vulnerability in the message processing component of Bitdefender GravityZone Console allows an attacker to pass unsafe commands to the environment. This issue affects: Bitdefender GravityZone Console On-Premise versions prior to 6.29.2-1. Bitdefender GravityZone Cloud Console versions prior to 6.27.2-2.
CVE-2022-0677 1 Bitdefender 3 Endpoint Security Tools, Gravityzone, Update Server 2024-11-21 5.0 MEDIUM 7.5 HIGH
Improper Handling of Length Parameter Inconsistency vulnerability in the Update Server component of Bitdefender Endpoint Security Tools (in relay role), GravityZone (in Update Server role) allows an attacker to cause a Denial-of-Service. This issue affects: Bitdefender Update Server versions prior to 3.4.0.276. Bitdefender GravityZone versions prior to 26.4-1. Bitdefender Endpoint Security Tools for Linux versions prior to 6.2.21.171. Bitdefender Endpoint Security Tools for Windows versions prior to 7.4.1.111.
CVE-2021-3960 1 Bitdefender 1 Gravityzone 2024-11-21 4.6 MEDIUM 7.1 HIGH
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects Bitdefender GravityZone versions prior to 3.3.8.272
CVE-2021-3959 1 Bitdefender 1 Gravityzone 2024-11-21 5.0 MEDIUM 6.8 MEDIUM
A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Bitdefender GravityZone versions prior to 3.3.8.272
CVE-2021-3823 1 Bitdefender 1 Gravityzone 2024-11-21 7.5 HIGH 7.1 HIGH
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects: Bitdefender GravityZone versions prior to 3.3.8.249.
CVE-2021-3641 2 Bitdefender, Microsoft 2 Gravityzone, Windows 2024-11-21 3.6 LOW 6.1 MEDIUM
Improper Link Resolution Before File Access ('Link Following') vulnerability in the EPAG component of Bitdefender Endpoint Security Tools for Windows allows a local attacker to cause a denial of service. This issue affects: Bitdefender GravityZone version 7.1.2.33 and prior versions.
CVE-2021-3554 1 Bitdefender 2 Endpoint Security Tools, Gravityzone 2024-11-21 7.5 HIGH 9.0 CRITICAL
Improper Access Control vulnerability in the patchesUpdate API as implemented in Bitdefender Endpoint Security Tools for Linux as a relay role allows an attacker to manipulate the remote address used for pulling patches. This issue affects: Bitdefender Endpoint Security Tools for Linux versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender Unified Endpoint versions prior to 6.2.21.160. Bitdefender GravityZone versions prior to 6.24.1-1.
CVE-2021-3553 1 Bitdefender 2 Endpoint Security Tools, Gravityzone 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService of Bitdefender Endpoint Security Tools allows an attacker to use the Endpoint Protection relay as a proxy for any remote host. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender Unified Endpoint for Linux versions prior to 6.2.21.160. Bitdefender GravityZone versions prior to 6.24.1-1.
CVE-2021-3552 1 Bitdefender 2 Endpoint Security Tools, Gravityzone 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender GravityZone 6.24.1-1.
CVE-2018-8955 1 Bitdefender 1 Gravityzone 2024-11-21 7.5 HIGH 9.8 CRITICAL
The installer for BitDefender GravityZone relies on an encoded string in a filename to determine the URL for installation metadata, which allows remote attackers to execute arbitrary code by changing the filename while leaving the file's digital signature unchanged.
CVE-2017-8931 1 Bitdefender 1 Gravityzone 2024-11-21 10.0 HIGH 9.8 CRITICAL
Bitdefender GravityZone VMware appliance before 6.2.1-35 might allow attackers to gain access with root privileges via unspecified vectors.
CVE-2014-5350 1 Bitdefender 1 Gravityzone 2024-11-21 5.0 MEDIUM N/A
Multiple directory traversal vulnerabilities in Bitdefender GravityZone before 5.1.11.432 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the id parameter to webservice/CORE/downloadFullKitEpc/a/1 in the Web Console or (2) %2E%2E (encoded dot dot) in the default URI to port 7074 on the Update Server.
CVE-2024-4177 1 Bitdefender 1 Gravityzone 2024-06-11 N/A 9.8 CRITICAL
A host whitelist parser issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-2 that are running only on premise.